summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb/ldb_modules/acl_read.c
diff options
context:
space:
mode:
Diffstat (limited to 'source4/dsdb/samdb/ldb_modules/acl_read.c')
-rw-r--r--source4/dsdb/samdb/ldb_modules/acl_read.c11
1 files changed, 5 insertions, 6 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/acl_read.c b/source4/dsdb/samdb/ldb_modules/acl_read.c
index 3b8e60c8fd..78a9e28396 100644
--- a/source4/dsdb/samdb/ldb_modules/acl_read.c
+++ b/source4/dsdb/samdb/ldb_modules/acl_read.c
@@ -195,25 +195,24 @@ static int aclread_search(struct ldb_module *module, struct ldb_request *req)
struct aclread_context *ac;
struct ldb_request *down_req;
struct ldb_control *as_system = ldb_request_get_control(req, LDB_CONTROL_AS_SYSTEM_OID);
- struct ldb_control *apply_access = ldb_request_get_control(req, DSDB_CONTROL_SEARCH_APPLY_ACCESS);
struct auth_session_info *session_info;
struct ldb_result *res;
struct ldb_message_element *parent;
struct aclread_private *p;
+ bool is_untrusted = ldb_req_is_untrusted(req);
static const char *acl_attrs[] = {
"parentGUID",
NULL
- };
+ };
+
ldb = ldb_module_get_ctx(module);
p = talloc_get_type(ldb_module_get_private(module), struct aclread_private);
- if (apply_access != NULL) {
- apply_access->critical = 0;
- }
+
/* skip access checks if we are system or system control is supplied
* or this is not LDAP server request */
if (!p || !p->enabled ||
dsdb_module_am_system(module)
- || as_system || !apply_access) {
+ || as_system || !is_untrusted) {
return ldb_next_request(module, req);
}
/* no checks on special dn */
generated by cgit (git 2.34.1) at 2024-06-13 15:01:05 +0000